(CNS Business): Unsuspecting employees in Cayman are being targeted by criminals with ‘Scareware’ and sophisticated email scams, enabling them to siphon off cash from these companies without the need for complex hacking techniques. The FBI’s Internet Crime Complaints Center (ICC) has issued an alert surrounding Business Email Compromise (BEC), which it called the $3.1 Billion Dollar Scam and said that exposed losses in the US have jumped by 1300% since January 2015, with businesses of all sizes being targeted.

The scam involves compromising legitimate business email accounts, so that fake messages can be sent with instructions to send funds via wire transfer to an account overseas.

“There have been a number of instances in Cayman where senior members of staff have received instructions purporting to be from other staff members, board directors and clients requesting the transfer of funds,” said David Smailes, principal at IT specialists Pivot Advisors. “All organistions are susceptible, not just the Financial Services sector,” he said.

Businesses that work regularly with foreign suppliers that frequently perform wire transfers are especially vulnerable, the FBI said, adding that fraudulent transfers are being sent to 79 countries around the world, with the majority going to Asian banks in China and Hong Kong.

Victims are usually monitored first over social media, as criminals aim to accurately identify the individuals at companies who perform wire transfers regularly as part of their duties. “Phishing” emails may also be sent to solicit further details regarding the individual being targeted at the company, such as names and travel dates. Ransomware cyber intrusions, or scareware incidents, which trick users into downloading malicious software, have been seen to be used immediately before a BEC attack, providing unfettered access to the victim’s data, including passwords or financial account information.

“The techniques being used are becoming more sophisticated,” Smailes said. “Social engineering teams will scrape information from social media platforms to identify staff that are vulnerable or disillusioned in an attempt to extract information that is useful in gaining unauthorised entry to systems. Malware is increasingly tailored for specific environments and botnets are leased to hackers to target specific sites that have been identified as vulnerable”

Smailes said any assumption that the only threat is coming from lone hackers working from home is no longer valid.

“There are estimates that over 100 governments are now preparing for, or have deployed, cyber-attack and defense teams” he said, “while in the private sector, criminals are increasingly working in a network of teams to leverage deeper skills and technology. We are also seeing a number of hacktivist groups that are seeking to raise awareness on issues through exposure of data through the media.”

The failed attempt by scammers to infiltrate the Information and Communications Technology Authority (ICTA) in Cayman earlier this year highlighted this threat to business here, which has gained increased international prominence, with more than 22,000 companies being hit.

The ICTA has established a Cyber Incident Response Team (CIRT), which is understood to be extended to the private sector with a vetted membership and a secure portal to report incidents and exchange information.

“Cayman is not immune to these threats and firms here should not be complacent,” Smailes said. “The ICTA’s initiative will increase awareness and provide a valuable tool for addressing the issue as a community.”

Protection against intrusion attacks starts with robust IT security policies, which should be followed by all members of staff, with vigilance and caution key, according to Smailes. Don’t use unapproved USB drives or DVDs and be especially careful before clicking on any links, attachments or requests to confirm sensitive data.

“An effective a cyber security framework will filter out over 70% of potential attacks, but technology is obviously an important element of prevention and response as well,” he said. “There are a wide number of tools available that protect the perimeter and interior of networks and these should be deployed based on need. Organisations that have high value data assets will need to invest more than those that simply store publicly available information. In establishing the value of data consider both how important that data is to the operations of the firm and also how it could be exploited and monetized by third parties if leaked from the firm.”

Firms should also make sure their software is kept up to date and regularly patched, while penetration tests can isolate any vulnerabilities in networks and help mitigate against potential threats and if that all sounds too complex, then get an independent specialists to walk you through it.

Like this:

Please include your email address in the form below if you are using your real name. You can use a pseudonym, with or without leaving an email address, or just leave the form blank to be "Anonymous". All comments will be moderated before they are published. The CNS Comment Policy is at the top of this page. Cancel reply

(CNS Foodie): My partner and I arrived for brunch at Agua just after the 11:30am opening, already starving and anxious to get started on the meal. After a little wait to get seated we were ushered to our booked table, which we were sharing with some friends. A waiter arrived and explained the menu to us. The “food and bubbles” option ($54) included special brunch cocktails as well as unlimited Prosecco. The bubbles, however, were very average and did not […]

Like this:

(CNS Foodie): I will admit to having a soft spot for Café Amazon since it seems to be one of the few businesses on this island trying to make a difference by embracing the idea of a zero carbon footprint. They also say they source their ingredients locally and use organic coffees and teas. So when I found myself in George Town around lunchtime, feeling peckish, I thought it would be good to go visit again.

Like this:

(CNS Foodie): In the mood for a change of scenery, my companion and I decided a small trip to West Bay was in order, plus the opening of a new café had caught my eye. We found the place fairly easily; the Boggy Sand Café is in the car park next door to Foster’s Republix. It is in a new building which is actually quite nicely done — interesting brickwork and curved

Like this:

(CNS Foodie): My partner and I were in the mood for al fresco dining, especially somewhere with an ocean view. Catch was our choice and we were looking forward to the evening out, but unluckily Mother Nature decided to let it rain. Despite the dismal weather, which surprised us, as we scampered to the restaurant for cover, the staff was clearly equipped. After a polite apology for the delay while they rearranged the seating area, and a short but pleasant […]

Like this:

(CNS Foodie): When you’re preparing to go out for dinner, there’s this surging excitement, almost childlike anticipation, of the possibilities of the epicurean night ahead. For me, it’s the prospect of sampling someone’s culinary creativity, a chance to take pointers from experts in a field in which I’ve dabbled, albeit as a domestic thrill, never as a profession. It’s also just as much about not having to slave over a hot stove, if I’m being honest.

Like this:

(CNS Foodie): My companion and I decided that a nice meal out was just the thing to pick up our spirits mid-week (plus the leftovers had run out) so we headed to The Wharf Restaurant and Bar. The Wharf has been newly refurbished and we wanted to see what changes had been made and check out the food. It was a weeknight, so turning up without a reservation was no problem and the staff were, as always,